Explosion of spam and malicious emails in last several days


22 replies to this topic

#21 David Franklin

David Franklin
  • Members
  • 7 posts

Posted 16 July 2019 - 12:51 PM

@Michael Manning 

 

Yeah, a well-tuned Bayes is essential. I just rebuilt mine in hopes of knocking this particular spam entity back, and it works. Sort of. Until they alter the message. Then you will have a wave hit your users with really low scores that score in the range you are allowing. Example:
 

7/16/2019 11:43   brandon.smith@secrertbenefits.com   The Trip of a Lifetime is Waiting. See Available Cruise Fares.   0.1   sunshine.secrertbenefits.com[93.119.178.13]
7/16/2019 11:43   elaine.kyle@secrertbenefits.com   Save On Last Minute Cruises - Search Here   0.7   sunshine.secrertbenefits.com[93.119.178.13]
7/16/2019 11:43   emma.d@secrertbenefits.com   The Trip of a Lifetime is Waiting. See Available Cruise Fares.   0.1   sunshine.secrertbenefits.com[93.119.178.13]
7/16/2019 11:43   elaine.kyle@secrertbenefits.com   Last-Minute Cruises at Big Savings   0.1   sunshine.secrertbenefits.com[93.119.178.13]

If I tag it spam, eventually my bayes will stop it and/or Barracuda will add custom rules that up the score. Then they change the message enough to avoid my bayes and/or Barracuda custom rules and you get similar messages in the user inbox again. 
 



#22 Michael Manning

Michael Manning
  • Members
  • 212 posts
  • Location: Ohio, USA

Posted 16 July 2019 - 02:26 PM

I'm going to consider myself lucky then that the spammers aren't hitting me yet. There seems to be a big gulf between what is being delivered and what is being quarantined on our system. Scrolling through the logs it looks like everything being 'allowed' is more or less legitimate email from our customers or vendors with just a smattering of newsletters and such, and all have really low scores. Then there is a big jump in scores and that is either quarantined or blocked.

 

We're also pretty small, under 60 recipients. I wonder if that makes a difference.



#23 Forrest Mook

Forrest Mook
  • Members
  • 58 posts

Posted 18 July 2019 - 10:56 AM

I've been getting this email junk since late 2018, but over time I've blocked an extensive amount of hosting provider IP address ranges (see previous posts in the thread https://community.ba...-thru-recently/), and that combined with a very low rate control setting blocks the vast majority of this stuff. Just mentioning it as a way to tackle it without the cloud protection layer.
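
An added example, not part of any post in this thread and not vendor code: the pattern in post #21 (several low-scoring messages from one sending IP within minutes, with senders and subjects varied) can be surfaced by counting allowed mail per source IP, the same signal the rate control mentioned in post #23 acts on. The column layout is inferred from the excerpt in post #21; the sample lines, the threshold, the window and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the column order of the excerpt in post #21:
# date time, sender, subject, score, host[IP]. Domains and IPs are reserved example values.
SAMPLE_LOG = """\
7/16/2019 11:43 a.one@bulk.example   The Trip of a Lifetime is Waiting. 0.1 mx1.bulk.example[203.0.113.13]
7/16/2019 11:43 b.two@bulk.example   Save On Last Minute Cruises - Search Here 0.7 mx1.bulk.example[203.0.113.13]
7/16/2019 11:44 c.three@bulk.example   Last-Minute Cruises at Big Savings 0.1 mx1.bulk.example[203.0.113.13]
7/16/2019 11:45 billing@vendor.example   Invoice 4471 for July 0.0 mail.vendor.example[198.51.100.7]
7/16/2019 11:50 d.four@bulk.example   Cruise Fares From 299 6.2 mx1.bulk.example[203.0.113.13]
"""

LINE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2})\s+(?P<sender>\S+@\S+)\s+"
    r"(?P<subject>.*?)\s+(?P<score>-?\d+(?:\.\d+)?)\s+"
    r"(?P<host>\S+)\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\s*$"
)

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %H:%M")
            rec["score"] = float(rec["score"])
            yield rec

def low_score_bursts(log_text, allow_below=3.0, window=timedelta(minutes=5), min_msgs=3):
    """Map source IP -> burst summary; the three keyword defaults are assumptions."""
    by_ip = defaultdict(list)
    for rec in parse(log_text):
        if rec["score"] < allow_below:          # only mail that would reach the inbox
            by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):            # sliding window over delivery times
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= min_msgs:
                burst = recs[start:end + 1]
                flagged[ip] = {"messages": len(burst),
                               "senders": len({r["sender"] for r in burst}),
                               "subjects": len({r["subject"] for r in burst})}
    return flagged
```

A flagged IP with as many distinct subjects as messages is the content-rotation case described in post #21: the text changes enough to stay under the score threshold while the sending host stays the same.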